CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 1CVE-2020-11493
https://notcve.org/view.php?id=CVE-2020-11493
04 Sep 2020 — In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. En Foxit Reader y PhantomPDF versiones anteriores a 10.0.1, y PhantomPDF versiones anteriores a 9.7.3, los atacantes pueden obtener información confidencial sobre un objeto no inicializado debido a una transformación directa de un Objecto PDF a un Transmisión sin pr... • https://github.com/fengjixuchui/CVE-2020-11493 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15637 – Foxit PhantomPDF SetLocalDescription Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-15637
04 Aug 2020 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities t... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15638 – Foxit PhantomPDF JSCreate Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15638
04 Aug 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability ... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20823
https://notcve.org/view.php?id=CVE-2019-20823
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. Se detectó un problema en Foxit PhantomPDF versiones anteriores a 8.3.11. Presenta un desbordamiento de búfer porque no se produce una corrección de bucle después de que JavaScript actualiza Field APs • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20824
https://notcve.org/view.php?id=CVE-2019-20824
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. Se detectó un problema en Foxit PhantomPDF versiones anteriores a 8.3.11. Presenta una desreferencia del puntero NULL por medio de la función FXSYS_wcslen en un archivo Epub • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20825
https://notcve.org/view.php?id=CVE-2019-20825
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used. Se detectó un problema en Foxit PhantomPDF versiones anteriores a 8.3.11. Presenta una escritura fuera de límites cuando es usado Internet Explorer • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20826
https://notcve.org/view.php?id=CVE-2019-20826
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference. Se detectó un problema en Foxit PhantomPDF Mac versión 3.3 y Foxit Reader para Mac versiones anteriores a 3.3. Presenta una desreferencia del puntero NULL • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20827
https://notcve.org/view.php?id=CVE-2019-20827
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space. Se detectó un problema en Foxit PhantomPDF Mac versión 3.3 y Foxit Reader para Mac versiones anteriores a 3.3. Permite el consumo de la pila debido a la interacción entre el espacio de color ICC-Based y el espacio de color Alternate • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20828
https://notcve.org/view.php?id=CVE-2019-20828
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta un desbordamiento de búfer porque no ocurre una corrección de bucle después de que JavaScript actualiza Field APs • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20829
https://notcve.org/view.php?id=CVE-2019-20829
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta una desreferencia del puntero NULL por medio de la función FXSYS_wcsl en un archivo Epub • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •